
School software provider Active Network discloses data breach

by Cyber360 News
January 6, 2020
in Security

US-based school management software provider Active Network disclosed a severe security breach last week.

Active Network provides web-based school management software for K-12 schools and districts. Last week it announced that it had suffered a major security breach.

The hackers gained access to Blue Bear, a cloud school accounting software customized especially for K-12 schools and districts to help manage and simplify schools’ activity fund accounting.

According to Active Network's data breach notice, parents who accessed a Blue Bear-based web store to pay school fees or buy books and other material between October 1, 2019, and November 13, 2019, might have had their personal data stolen.

Exposed data include name, store username and password, payment card number, payment card expiration date, and payment card security code.

“We recently identified suspicious activity on the Blue Bear platform. Our investigation determined the activity related to Blue Bear webstore users between October 1, 2019 and November 13, 2019. During this time, some personal information that you provided may have been accessed or acquired by unauthorized third parties.” reads the notice of data breach.

“While we are unable to determine with certainty whether your personal information was affected, the personal information involved may have included: name, credit card or debit card number ending in <>, expiration date and security code (the three or four-digit value included on the front or back of payment cards and used for verification of certain transactions), and Blue Bear account usernames and passwords. This incident did not involve unauthorized access to Social Security numbers, driver license numbers, or similar government ID card numbers.”

The company reported the issue to the California Attorney General’s office and launched an investigation with the help of a leading cybersecurity firm. The Abington Cole and Ellery law firm is currently investigating the incident and is attempting to involve impacted users in a class action.

Based on the information disclosed by Active Network, the attackers were able to compromise the platform and plant a software skimmer designed to collect users’ payment card data while they were finalizing their purchases through Blue Bear software.

In October 2019, the Federal Bureau of Investigation (FBI) released an alert on e-skimming attacks. E-skimming takes place when hackers compromise an e-commerce site and plant malicious code designed to siphon payment card data or personally identifiable information (PII).

E-skimming attacks were initially observed in the wild in 2016, and their number has rapidly increased since then. In recent years, numerous attacks involving software skimmers were carried out by threat actors under the Magecart umbrella.

Attackers have used various techniques over time to carry out e-skimming attacks, such as exploiting flaws in the e-commerce platform (e.g. Magento, OpenCart). In other attacks, hackers have compromised plugins used by e-commerce platforms in a classic supply chain attack or have injected software skimmers inside a company’s cloud hosting account that was poorly protected.

Another attack scenario sees hackers targeting the administrators of the platform with social engineering attacks in an attempt to obtain their credentials and use them to plant the malicious code in the e-store.

Hacker groups under the Magecart umbrella focus on the theft of payment card data with software skimmers. Security firms have monitored the activities of a dozen groups at least since 2010.

According to a joint report published by RiskIQ and FlashPoint, some groups are more advanced than others; in particular, the gang tracked as Group 4 appears to be very sophisticated.

The list of victims of the groups is long and includes several major platforms such as British Airways, Newegg, Ticketmaster, MyPillow and Amerisleep, and Feedify. 

Active Network announced that it has taken steps to enhance its monitoring tools and security controls; the company is also offering users free identity monitoring services.

An Active Network spokesperson could not be immediately reached over the weekend for additional insights and comments.

Pierluigi Paganini

(SecurityAffairs – Active Network, data breach)


